Right Now, Hackers Are Interacting with Your Employees—Are They Prepared?

Imagine a scenario in which an employee clicks a link in an e-mail and costs his or her employer $600,000. Unfortunately, this situation does not require one’s imagination. This is exactly what happened in Riviera Beach, Florida, when an employee clicked a link in an e-mail, and the government was crippled by a ransomware attack. The city had to pay all of that money just to gain access to its own files.

Who is to blame when these things happen? One cybersecurity expert believes that the onus of responsibility rests squarely on employers that fail to conduct adequate preventive training.

The Situation

Such incidents are on the rise. I spoke with cybersecurity expert Jess Coburn, President and Founder of Applied Innovations, who explained that “hackers are constantly changing their techniques and tactics”; he provided the following methods that contemporary hackers use to gain access to a computer or personal information:

An e-mail from Amazon that says your new laptop couldn’t be delivered, except you didn’t order a laptop.

An e-mail from Office 365 that says your password is expiring in 48 hours and you need to log in and change it immediately or lose access to e-mail.

An e-mail from the Internal Revenue Service that says your tax refund was just deposited in your bank account at Washington Mutual, but you don’t have an account at Washington Mutual.

An e-mail from a known contact, but the e-mail address is wrong. Always check the sender’s e-mail address, and when you click “reply,” look at the e-mail address it’s going to.

Misspellings, typos, and grammatical errors in the e-mails and landing pages.

Landing pages that are missing images, that don’t use “https,” or whose URL looks wrong—for example, www.microsoft.com.bobsblog.org or mail-rnicrosoft.com or microsoftt.org.

Requests that are not the norm, such as a request to immediately send a wire, buy a gift card, or complete an action but not to reach out to the sender because he or she is getting on a plane, going into a meeting, etc.
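
The three look-alike URLs in the list above each use a different trick: the real brand name placed in a subdomain, the letters "rn" standing in for "m", and a single extra letter. The following is an added example, not part of the original article or Coburn's advice, showing how a mail filter or reporting tool could flag each one. The BRANDS allow-list and all function names are assumptions, and the registrable domain is approximated as the last two labels of the host name.

```python
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> registrable domains it really uses.
BRANDS = {"microsoft": {"microsoft.com"}}
# Character sequences that read like another letter at a glance.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url, brands=BRANDS):
    """Return 'trusted', a reason the host imitates a brand, or None."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    # Simplification: registrable domain = last two labels (no public suffix list).
    registrable = ".".join(labels[-2:])
    for brand, legit in brands.items():
        if registrable in legit:
            return "trusted"
        # Real brand name used as a subdomain of someone else's domain.
        if brand in labels[:-2]:
            return "brand-in-subdomain"
        for token in labels[-2].split("-"):
            if token == brand:
                return "brand-on-unlisted-domain"
            folded = token
            for fake, real in HOMOGLYPHS:
                folded = folded.replace(fake, real)
            if folded == brand:
                return "homoglyph"
            if edit_distance(token, brand) == 1:
                return "typo"
    return None
```

A production filter would replace the two-label shortcut with a public suffix list so that domains under suffixes such as co.uk are split correctly.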

Whose Fault Is It?

When a disaster happens, the blame game begins. Coburn gave an example that is similar to situations he has helped deal with. An employee named Bob gets swindled out of 15 $100 Amazon gift cards and sends them to a hacker in Ukraine.

In Coburn’s experience, the CEO’s response invariably sounds something like, “Oh my God. That guy is an idiot. How could he have done this? I can’t believe I have this fool working for me. Should we make him pay for this?” To this argument, Coburn responds, “Has the employer done the due diligence that was necessary to make sure Bob didn’t give the 15 gift cards to his boss thinking it was his boss?”

How could Bob’s boss have helped him avoid the situation? Coburn strongly believes that the solution comes down to the right kind of training delivered in the right way.

Coburn had a little more to say about poor Bob: “Bob needs the training. Shame on you for not spending the couple of dollars a user a month to give him the training he needs.”

Training, Training, Training.

Keeping your employees apprised of the latest types of cyberattacks, as well as the methods for avoiding them, comes down to training. It won’t be enough to do a single training. Coburn says that “it’s not like classic training where it’s one and done. The tactics are constantly changing.” He continues, “Hit employees with new training, little micro training lessons a couple of minutes—each of these lessons a couple of times a month—to make sure that they’re aware of what’s going on.”

The Divide Between HR and IT

You might be wondering how you, an HR manager, are going to get IT onboard with some of these solutions. Coburn recognizes that part of the problem here involves the way organizations separate HR and IT duties. He says, “I think that there is too much of a divide between IT and HR. People think, ‘Oh, that’s related to computers; go talk to IT.’”

While you can’t expect HR professionals to be IT managers and you can’t expect IT managers to be HR professionals, you can help encourage more communication between the two departments. Coburn states, “There needs to be that collaboration between IT and HR because it’s the business.” In other words, the issue of a cybersecurity breach is both a technology issue and a people issue. So tackle the problem from both angles in a coordinated effort.

What Else Can You Do?

Other than providing better training and encouraging more collaboration between HR and IT, Coburn provided the following list of preventive measures:

Run phishing simulations whereby you send your employees actual phishing e-mails and use them as a way to teach them what to look for. Coburn says that when companies do phishing simulations, 50%–80% of employees fail.

Ensure software is updated, from servers to desktops and even your mobile devices and smartphones.

Invest in modern security solutions like time-of-click e-mail protection, attachment sandboxing, and detonation.

Leverage alternative training mediums like posters, animations, movies, and online classes, and provide them in microtraining nuggets throughout the year so the information remains fresh and current.

Users, check the sender’s e-mail address against the message signatory. Do they match? If not, don’t touch it.

Ultimately, people make mistakes, and Coburn agrees: “People get busy, they get distracted, they click the wrong button. Just like they delete the wrong file or they send an email to the wrong Mary. It happens.” But with the right training and the right frame of mind, you can make it happen a lot less often and with far fewer consequences.
